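/**
 * Dumps a summary of every credential stored in a credential cache file.
 *
 * <p>For each credential the ticket's server name, the client name and the
 * encryption type of the ticket's encrypted part are printed to standard
 * output. Only this metadata is written; no ticket bytes or key material are
 * printed by this method.
 *
 * @param args the path of the credential cache file; a two-argument form with
 *             the path as the last argument is also accepted
 * @throws IOException if the cache file cannot be loaded
 */
public static void main(String[] args) throws IOException {
    // Java's args[] does not contain the program name, so the single argument
    // shown in the usage text arrives as args[0]. The path is read from the
    // last argument so that an invocation passing two arguments still works.
    if (args.length < 1 || args.length > 2) {
        System.err.println("Dump credential cache file");
        System.err.println("Usage: CredentialCache <ccache-file>");
        System.exit(1);
    }

    String cacheFile = args[args.length - 1];
    CredentialCache cc = new CredentialCache();
    cc.load(new File(cacheFile));

    for (Credential cred : cc.getCredentials()) {
        Ticket tkt = cred.getTicket();
        System.out.println("Tkt server name: " + tkt.getSname().getName());
        System.out.println("Tkt client name: " + cred.getClientName().getName());
        System.out.println("Tkt encrypt type: "
                + tkt.getEncryptedEncPart().getEType().getName());
    }
}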
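/**
 * Command-line entry point that lists the credentials in a credential cache file.
 *
 * <p>Prints, per credential, the ticket's server principal name, the client
 * principal name and the name of the encryption type of the ticket's encrypted
 * part. Nothing else from the cache is written to the output.
 *
 * @param args the credential cache file path, given as the only argument or as
 *             the last of two arguments
 * @throws IOException if loading the cache file fails
 */
public static void main(String[] args) throws IOException {
    // The usage text documents exactly one argument, and in Java that argument
    // is args[0] (there is no program-name slot). Taking the last element also
    // keeps a two-argument invocation working.
    boolean argCountOk = args.length == 1 || args.length == 2;
    if (!argCountOk) {
        System.err.println("Dump credential cache file");
        System.err.println("Usage: CredentialCache <ccache-file>");
        System.exit(1);
    }

    File cacheFile = new File(args[args.length - 1]);
    CredentialCache cc = new CredentialCache();
    cc.load(cacheFile);

    for (Credential cred : cc.getCredentials()) {
        Ticket tkt = cred.getTicket();
        String serverName = tkt.getSname().getName();
        String clientName = cred.getClientName().getName();
        String etypeName = tkt.getEncryptedEncPart().getEType().getName();

        System.out.println("Tkt server name: " + serverName);
        System.out.println("Tkt client name: " + clientName);
        System.out.println("Tkt encrypt type: " + etypeName);
    }
}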
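/**
 * Verifies an encrypted-timestamp pre-authentication entry.
 *
 * <p>The pa-data value is decoded as {@code EncryptedData}, unsealed with the
 * client key for the encryption type named in that structure, and the
 * recovered timestamp is checked against the configured allowable clock skew.
 *
 * @param kdcRequest     the request being processed; supplies the client key
 *                       and the KDC context
 * @param requestContext plugin request context (not used by this method)
 * @param paData         the pre-authentication entry to verify
 * @return {@code true} when the timestamp unseals and lies within the skew
 * @throws KrbException with {@code KDC_ERR_ETYPE_NOSUPP} when no client key
 *                      exists for the requested encryption type, with
 *                      {@code KDC_ERR_PREAUTH_FAILED} when the timestamp is
 *                      outside the allowed skew, or as raised by decoding or
 *                      unsealing
 */
@Override
public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
                      PaDataEntry paData) throws KrbException {
    EncryptedData encData = KrbCodec.decode(paData.getPaDataValue(), EncryptedData.class);

    // The encryption type is read from the request's own pa-data, so the
    // requester chooses which of the principal's keys is used here.
    // NOTE(review): confirm getClientKey() only returns keys for etypes the
    // KDC is configured to permit, so a weak etype cannot be selected.
    EncryptionKey clientKey = kdcRequest.getClientKey(encData.getEType());
    if (clientKey == null) {
        throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP);
    }

    PaEncTsEnc timestamp = EncryptionUtil.unseal(encData, clientKey,
            KeyUsage.AS_REQ_PA_ENC_TS, PaEncTsEnc.class);

    KdcContext kdcContext = kdcRequest.getKdcContext();
    // Multiply as long: with an int-returning getter, "* 1000" would be done in
    // int arithmetic and a very large configured skew could wrap before the
    // widening. Presumably this converts seconds to milliseconds - confirm.
    long clockSkew = kdcContext.getConfig().getAllowableClockSkew() * 1000L;
    // NOTE(review): no replay tracking is visible in this method; a value that
    // verified once would verify again within the skew window unless that is
    // handled elsewhere.
    if (!timestamp.getAllTime().isInClockSkew(clockSkew)) {
        throw new KrbException(KrbErrorCode.KDC_ERR_PREAUTH_FAILED);
    }

    return true;
}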
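/**
 * Checks the encrypted timestamp carried in a pre-authentication entry.
 *
 * <p>Steps: decode the pa-data value into {@code EncryptedData}, look up the
 * client key matching its encryption type, unseal the timestamp with key usage
 * {@code AS_REQ_PA_ENC_TS}, then require the timestamp to fall inside the
 * allowable clock skew from the KDC configuration.
 *
 * @param kdcRequest     request under verification; source of the client key
 *                       and KDC context
 * @param requestContext plugin request context (unused here)
 * @param paData         pre-authentication entry holding the sealed timestamp
 * @return always {@code true} when no exception is thrown
 * @throws KrbException {@code KDC_ERR_ETYPE_NOSUPP} if the client has no key
 *                      for the encryption type, {@code KDC_ERR_PREAUTH_FAILED}
 *                      if the timestamp is outside the skew, or any failure
 *                      from decoding or unsealing
 */
@Override
public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
                      PaDataEntry paData) throws KrbException {
    EncryptedData encData = KrbCodec.decode(paData.getPaDataValue(), EncryptedData.class);

    // Key selection is driven by the etype field of the incoming pa-data.
    // NOTE(review): verify that the key lookup is limited to etypes the KDC
    // policy allows; this method does not filter them itself.
    EncryptionKey clientKey = kdcRequest.getClientKey(encData.getEType());
    if (clientKey == null) {
        throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP);
    }

    PaEncTsEnc timestamp = EncryptionUtil.unseal(encData, clientKey,
            KeyUsage.AS_REQ_PA_ENC_TS, PaEncTsEnc.class);

    // 1000L forces long arithmetic so the product cannot overflow when the
    // configured skew is returned as an int (presumably seconds - confirm).
    long clockSkew = kdcRequest.getKdcContext().getConfig().getAllowableClockSkew() * 1000L;

    // NOTE(review): acceptance depends only on the skew window; confirm that
    // repeated submissions of the same sealed timestamp are handled elsewhere.
    boolean withinSkew = timestamp.getAllTime().isInClockSkew(clockSkew);
    if (!withinSkew) {
        throw new KrbException(KrbErrorCode.KDC_ERR_PREAUTH_FAILED);
    }
    return true;
}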
EncryptionType encType = ticket.getEncryptedEncPart().getEType(); EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType); if (ticket.getTktvno() != KrbConstant.KRB_V5) {
EncryptionType encType = ticket.getEncryptedEncPart().getEType(); EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType); if (ticket.getTktvno() != KrbConstant.KRB_V5) {
getServerPrincipal()).getKey(tkt.getTicket().getEncryptedEncPart().getEType()); ApResponse apResponse = new ApResponse(apReq, encryptedKey); ApRep apRep = apResponse.getApRep();
clientKey = HasUtil.getClientKey(clientPrincipal.getName(), passPhrase, kdcRep.getEncryptedEncPart().getEType()); } catch (KrbException e) { throw new HasException("Could not generate key. " + e.getMessage());
clientKey = HasUtil.getClientKey(clientPrincipal.getName(), passPhrase, kdcRep.getEncryptedEncPart().getEType()); } catch (KrbException e) { throw new HasException("Could not generate key. " + e.getMessage());
// Numeric code of the encryption type named in the AP-REQ ticket's encrypted part.
// NOTE(review): in Kerberos the etype field sits outside the ciphertext, so this
// value is peer-supplied; confirm it is checked against the permitted etypes
// before it drives key selection.
int encryptType = apReq.getTicket().getEncryptedEncPart().getEType().getValue();
EncryptionType encType = tgtTicket.getEncryptedEncPart().getEType(); String remoteRealm = tgtTicket.getRealm(); if (checkCrossRealm(remoteRealm)) {
EncryptionType encType = tgtTicket.getEncryptedEncPart().getEType(); String remoteRealm = tgtTicket.getRealm(); if (checkCrossRealm(remoteRealm)) {